📄 wireless_frame_parse.c
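/*
 * wireless_frame_parse.c - decode IEEE 802.11 frames read from a pcap file.
 *
 * Every byte reachable through pkt_data comes from the capture file and is
 * therefore untrusted: all lengths are validated against the number of bytes
 * libpcap actually delivered (caplen) before anything is read or copied.
 *
 * NOTE(review): the parser assumes each packet starts directly at the 802.11
 * MAC header. Nothing here checks the link type of the capture (for example
 * via pcap_datalink()); confirm the input files are raw 802.11 captures.
 */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "wireless_frame_parse.h"
#include <pcap.h>

#define PCAP_PATH_SIZE 30

/* Sizes, in bytes, of the fixed parts of an 802.11 frame used below. */
enum {
    WFP_FC_LEN = 2,        /* frame control field                        */
    WFP_MGMT_HDR_LEN = 24  /* fc + duration + da + sa + bssid + seq ctrl */
};

/* Unpack the two frame-control bytes at `pkt` into the bit fields of `fc`. */
#define WFP_DECODE_FC(fc, pkt)                                  \
    do {                                                        \
        (fc).version   = WLAN_FC_GET_VERSION((pkt)[0]);         \
        (fc).type      = WLAN_FC_GET_TYPE((pkt)[0]);            \
        (fc).subtype   = WLAN_FC_GET_STYPE((pkt)[0]);           \
        (fc).to_ds     = WLAN_FC_GET_TODS((pkt)[1]);            \
        (fc).from_ds   = WLAN_FC_GET_FROMDS((pkt)[1]);          \
        (fc).more_frag = WLAN_FC_GET_MOREFRAG((pkt)[1]);        \
        (fc).retry     = WLAN_FC_GET_RETRY((pkt)[1]);           \
        (fc).pwrmgmt   = WLAN_FC_GET_PWRMGT((pkt)[1]);          \
        (fc).more_data = WLAN_FC_GET_MOREDATA((pkt)[1]);        \
        (fc).wep       = WLAN_FC_GET_ISWEP((pkt)[1]);           \
        (fc).order     = WLAN_FC_GET_ORDER((pkt)[1]);           \
    } while (0)

/* Names of the management information elements, indexed by element id. */
u8 *mgmt_ie[] = {
    "ssid",
    "supported rates",
    "fh set",
    "ds set",
    "fc set",
    "tim",
    "IBSS",
    "","","","","","","","","",
    "test text",
};

struct frame_list frame_captured;

/*
 * Allocate zeroed storage for one parsed frame.
 *
 * The buffer holds the whole parsed structure plus every captured byte, so a
 * copy of the frame into any member of the structure stays inside the
 * allocation, and fields a short frame never fills read back as zero instead
 * of as uninitialised heap memory.
 *
 * Returns NULL (errno set to ENOMEM) if the size would overflow or the
 * allocation fails.
 */
static void *wfp_alloc_frame(size_t struct_size, size_t frame_len)
{
    if (frame_len > SIZE_MAX - struct_size) {
        errno = ENOMEM;
        return NULL;
    }
    return calloc(1, struct_size + frame_len);
}

/*
 * Print the tagged information elements found in ie[0 .. ie_total_len).
 *
 * Each element is <id:1><len:1><value:len>. The length byte is attacker
 * controlled, so an element is only printed when its header and its whole
 * value fit inside the remaining bytes; the walk stops at the first element
 * that does not.
 */
static void wfp_dump_ies(const u_char *ie, size_t ie_total_len)
{
    size_t offset_ie = 0;

    printf("\nshow ie\n");
    printf("ie len is %d\n", (int)ie_total_len);

    while (ie_total_len - offset_ie >= 2) {
        u8 tagged_num = ie[offset_ie];
        u8 tagged_len = ie[offset_ie + 1];
        size_t i;

        if (tagged_len > ie_total_len - offset_ie - 2) {
            printf("truncated information element, stopping\n");
            break;
        }

        printf("tagged num is %d", tagged_num);
        printf("tagged len is %d\n", tagged_len);
        printf("tagged values:");
        for (i = 0; i < tagged_len; i++) {
            u_char b = ie[offset_ie + 2 + i];

            /* Values such as the SSID are chosen by whoever sent the frame;
             * never write their control bytes to the terminal verbatim. */
            printf("%c", isprint(b) ? b : '.');
        }
        printf("\n");

        offset_ie += 2 + (size_t)tagged_len;
    }
}

/*
 * pcap_loop() callback: decode one captured frame, print it, and store it in
 * the next free slot of frame_captured.
 *
 * param    - the pcap_t handle driving the loop (or NULL); used only to stop
 *            the loop once the frame list is full.
 * header   - libpcap per-packet header (caplen = bytes available in pkt_data,
 *            len = length of the frame on the air).
 * pkt_data - the captured bytes, caplen of them.
 */
void dispatch_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    int i = 0;
    u8 type;
    u8 stype;
    size_t frame_len;

    /* for mgmt frame */
    struct platform_ieee80211_mgmt *tmp_mgmt = NULL;
    u16 tmp_seq;
    size_t body_len;
    size_t fixed_len;

    /* for the other frame classes */
    struct platform_ieee80211_control *tmp_control = NULL;
    struct platform_ieee80211_data *tmp_data = NULL;
    struct platform_ieee80211_unknown *tmp_unknown = NULL;

    /* Assumes frame_array has FRAME_LIST_SIZE entries (confirm in the header):
     * index FRAME_LIST_SIZE itself would already be out of bounds, so the
     * list is full as soon as the count reaches it. */
    if (frame_captured.frame_list_size >= FRAME_LIST_SIZE) {
        printf("the frame num has surpass the max num: the capture will be ended\n");
        if (param != NULL) {
            pcap_breakloop((pcap_t *)param);
        }
        return;
    }

    /* Only caplen bytes are present in pkt_data; len may be larger when the
     * capture was taken with a snap length. */
    frame_len = header->caplen < header->len ? header->caplen : header->len;
    if (frame_len < WFP_FC_LEN) {
        printf("frame too short for a frame control field, skipped\n");
        return;
    }

    type = WLAN_FC_GET_TYPE(pkt_data[0]);
    stype = WLAN_FC_GET_STYPE(pkt_data[0]);

    switch (type) {
    case WLAN_MANAGEMENT_FRAME:
        /* do something for all mgmt frame */
        printf("-------------------------------------------\n");
        if (frame_len < WFP_MGMT_HDR_LEN) {
            printf("truncated management frame header, skipped\n");
            return;
        }
        tmp_mgmt = wfp_alloc_frame(sizeof *tmp_mgmt, frame_len);
        if (tmp_mgmt == NULL) {
            perror("allocate memory error\n");
            return;
        }
        frame_captured.frame_array[frame_captured.frame_list_size].u1.mgmt = tmp_mgmt;

        WFP_DECODE_FC(tmp_mgmt->u1.fc, pkt_data);

        memcpy(&tmp_mgmt->duration, pkt_data + 2, 2);
        printf("pktdata[2] = %d, pkt_data[3] = %d\n", pkt_data[2], pkt_data[3]);
        printf("duration is %d\n", tmp_mgmt->duration);
        memcpy(&tmp_mgmt->da, pkt_data + 4, 6);
        memcpy(&tmp_mgmt->sa, pkt_data + 10, 6);
        memcpy(&tmp_mgmt->bssid, pkt_data + 16, 6);
        tmp_mgmt->u2.seq.fragment = WLAN_GET_SEQ_FRAG(pkt_data[22]);
        memcpy(&tmp_seq, pkt_data + 22, 2);
        tmp_mgmt->u2.seq.sequence = WLAN_GET_SEQ_SEQ(tmp_seq);
        printf(" seq 1 = %0x ,seq 2 = %0x \n", pkt_data[22], pkt_data[23]);
        printf("fragment is %d, sequence is %0d\n", tmp_mgmt->u2.seq.fragment, tmp_mgmt->u2.seq.sequence);
        printf("tmp fc subtype = %d\n", tmp_mgmt->u1.fc.subtype);

        /* put the captured frame body into the data structure */
        printf("frame len = %d\n", header->len);
        body_len = frame_len - WFP_MGMT_HDR_LEN;
        memcpy(&(tmp_mgmt->u), pkt_data + WFP_MGMT_HDR_LEN, body_len);

        /* The fixed fields are printed per subtype; fixed_len records how
         * many body bytes they occupy so the tagged elements can be located
         * afterwards. */
        switch (stype) {
        case WLAN_FC_STYPE_ASSOC_REQ:
            printf("assoc cap is 0x%0x\n", tmp_mgmt->u.assoc_req.capab_info);
            printf("aasoc listen_interval is 0x%0x\n", tmp_mgmt->u.assoc_req.listen_interval);
            fixed_len = 4;
            break;
        case WLAN_FC_STYPE_ASSOC_RESP:
            printf("assoc resp cap is 0x%0x\n", tmp_mgmt->u.assoc_resp.capab_info);
            printf("assoc resp status is 0x%0x\n", tmp_mgmt->u.assoc_resp.status_code);
            printf("assoc resp aid is 0x%0x\n", tmp_mgmt->u.assoc_resp.aid);
            fixed_len = 6;
            break;
        case WLAN_FC_STYPE_REASSOC_REQ:
            /* capability (2) + listen interval (2) + current AP address (6) */
            fixed_len = 10;
            break;
        case WLAN_FC_STYPE_REASSOC_RESP:
            fixed_len = 6;
            break;
        case WLAN_FC_STYPE_PROBE_REQ:
            printf("probe request has no fix region\n");
            fixed_len = 0;
            break;
        case WLAN_FC_STYPE_PROBE_RESP:
            printf("probe resp timestamp is ");
            for (i = 0; i < 8; i++) {
                printf("%0x:", tmp_mgmt->u.probe_resp.timestamp[i]);
            }
            printf("\n");
            printf("beacon inter is %0x\n", tmp_mgmt->u.probe_resp.beacon_int);
            printf("beacon cap is %0x\n", tmp_mgmt->u.probe_resp.capab_info);
            fixed_len = 12;
            break;
        case WLAN_FC_STYPE_BEACON:
            printf("beacon timestamp is 0x");
            for (i = 0; i < 8; i++) {
                printf("%0x:", tmp_mgmt->u.beacon.timestamp[i]);
            }
            printf("\n");
            printf("beacon inter is 0x%0x\n", tmp_mgmt->u.beacon.beacon_int);
            printf("beacon cap is 0x%0x\n", tmp_mgmt->u.beacon.capab_info);
            fixed_len = 12;
            break;
        case WLAN_FC_STYPE_ATIM:
            /* ATIM frames carry no frame body */
            fixed_len = 0;
            break;
        case WLAN_FC_STYPE_DISASSOC:
            printf("disassoc reason_code is 0x%0x\n", tmp_mgmt->u.disassoc.reason_code);
            fixed_len = 2;
            break;
        case WLAN_FC_STYPE_AUTH:
            printf("auth alg is 0x%0x\n", tmp_mgmt->u.auth.auth_alg);
            printf("auth transaction is 0x%0x\n", tmp_mgmt->u.auth.auth_transaction);
            printf("auth status code is 0x%0x\n", tmp_mgmt->u.auth.status_code);
            fixed_len = 6;
            break;
        case WLAN_FC_STYPE_DEAUTH:
            printf("deauth reason code is 0x%0x\n", tmp_mgmt->u.deauth.reason_code);
            fixed_len = 2;
            break;
        default:
            printf("unkonwn management frame subtype\n");
            /* layout unknown: treat the whole body as opaque, no elements */
            fixed_len = body_len;
        }

        if (fixed_len > body_len) {
            /* The fixed fields printed above were only partly present (the
             * missing bytes read as zero); there is nothing left to walk. */
            printf("management frame shorter than its fixed fields\n");
            fixed_len = body_len;
        }
        /* Walk the elements in the captured bytes themselves, starting right
         * after this subtype's fixed fields, rather than at one fixed struct
         * member that only matches the beacon layout. */
        wfp_dump_ies(pkt_data + WFP_MGMT_HDR_LEN + fixed_len, body_len - fixed_len);
        break;

    case WLAN_CONTROL_FRAME:
        /* do something for all control frame */
        printf("-------------------------------------------\n");
        tmp_control = wfp_alloc_frame(sizeof *tmp_control, frame_len);
        if (tmp_control == NULL) {
            perror("allocate memory error\n");
            return;
        }
        frame_captured.frame_array[frame_captured.frame_list_size].u1.control = tmp_control;

        memcpy(tmp_control, pkt_data, frame_len);
        WFP_DECODE_FC(tmp_control->u1.fc, pkt_data);

        printf("control frame's subtype is %d\n", tmp_control->u1.fc.subtype);
        printf("control frame's len is %d\n", header->len);

        switch (stype) {
        case WLAN_FC_STYPE_RTS:
            printf("RTS duration: %d\n", tmp_control->u2.duration);
            printf("RTS RA is ");
            for (i = 0; i < 6; i++) {
                printf("%0x: ", tmp_control->u3.ra[i]);
            }
            printf("\nRTS TA is ");
            for (i = 0; i < 6; i++) {
                printf("%0x: ", tmp_control->u4.ta[i]);
            }
            printf("\n");
            break;
        case WLAN_FC_STYPE_CTS:
            printf("CTS duration is %d\n", tmp_control->u2.duration);
            printf("CTS RA is ");
            for (i = 0; i < 6; i++) {
                printf("%0x: ", tmp_control->u3.ra[i]);
            }
            printf("\n");
            break;
        case WLAN_FC_STYPE_ACK:
            printf("ACK's duration is %d\n", tmp_control->u2.duration);
            printf("ACK's RA is :");
            for (i = 0; i < 6; i++) {
                printf("%0x: ", tmp_control->u3.ra[i]);
            }
            printf("\n");
            break;
        default:
            printf("unkonwn control frame subtype \n");
        }
        break;

    case WLAN_DATA_FRAME:
        /* do something for all data frame */
        printf("-------------------------------------------\n");
        tmp_data = wfp_alloc_frame(sizeof *tmp_data, frame_len);
        if (tmp_data == NULL) {
            perror("allocate memory error\n");
            return;
        }
        frame_captured.frame_array[frame_captured.frame_list_size].u1.data = tmp_data;

        memcpy(tmp_data, pkt_data, frame_len);
        /* NOTE(review): unlike the management and control paths, the frame
         * control bits are not decoded into u1.fc here, so the two values
         * below are whatever the raw copy left in those fields - confirm
         * that is intended. */
        printf("data type is %d, subtype is %d\n", tmp_data->u1.fc.type, tmp_data->u1.fc.subtype);
        printf("data frame duration is %d\n", tmp_data->duration);

        switch (stype) {
        case WLAN_FC_STYPE_DATA:
            printf("data frame len is %d \n", header->len);
            break;
        default:
            printf("unknown data frame subtype\n");
        }
        break;

    default:
        /* do something for unknown frame */
        printf("-------------------------------------------\n");
        tmp_unknown = wfp_alloc_frame(sizeof *tmp_unknown, frame_len);
        if (tmp_unknown == NULL) {
            perror("allocate memory error\n");
            return;
        }
        frame_captured.frame_array[frame_captured.frame_list_size].u1.unknown = tmp_unknown;

        tmp_unknown->u1.fc.version = WLAN_FC_GET_VERSION(pkt_data[0]);
        tmp_unknown->u1.fc.type = WLAN_FC_GET_TYPE(pkt_data[0]);
        tmp_unknown->u1.fc.subtype = WLAN_FC_GET_STYPE(pkt_data[0]);
        tmp_unknown->u1.fc.to_ds = WLAN_FC_GET_TODS(pkt_data[1]);
        tmp_unknown->u1.fc.from_ds = WLAN_FC_GET_FROMDS(pkt_data[1]);
        tmp_unknown->u1.fc.more_frag = WLAN_FC_GET_MOREFRAG(pkt_data[1]);
        tmp_unknown->u1.fc.retry = WLAN_FC_GET_RETRY(pkt_data[1]);
        tmp_unknown->u1.fc.pwrmgmt = WLAN_FC_GET_PWRMGT(pkt_data[1]);
        /* frame_len >= WFP_FC_LEN was checked above, so this cannot wrap */
        memcpy(tmp_unknown->variable, pkt_data + WFP_FC_LEN, frame_len - WFP_FC_LEN);
        printf("unknown frame type %d\n", type);
    }

    frame_captured.frame_list_size++;
}

/*
 * Parse every frame of a pcap file through dispatch_handler().
 *
 * pcap_file_path - path of the capture file; NULL selects live capture,
 *                  which is not implemented yet and parses nothing.
 *
 * Returns 0 on success, -1 if the file cannot be opened or libpcap reports
 * an error while reading it.
 */
int wireless_frame_parse(char *pcap_file_path)
{
    pcap_t *pd = NULL;
    char errstr[PCAP_ERRBUF_SIZE + 1];
    int rc = 0;

    if (pcap_file_path == NULL) {
        /* do capture from current net - to do pcap_open */
    } else {
        /* do capture from the pcap files */
        printf("pcap path is %s\n", pcap_file_path);
        errstr[0] = '\0';
        pd = pcap_open_offline(pcap_file_path, errstr);
        if (pd == NULL) {
            /* libpcap reports the reason in errstr, not in errno */
            fprintf(stderr, "pcap open offline: %s\n", errstr);
            return -1;
        }
        /* The handle is passed as user data so the callback can stop the
         * loop when the frame list is full. -1 is libpcap's read error; a
         * loop stopped by the callback is not treated as a failure. */
        if (pcap_loop(pd, 0, dispatch_handler, (u_char *)pd) == -1) {
            fprintf(stderr, "pcap loop: %s\n", pcap_geterr(pd));
            rc = -1;
        }
        pcap_close(pd);
    }

    printf("\n\n wireless parse end\n\n");
    return rc;
}

/*
 * Entry point: parse the built-in sample capture and report the result as
 * the process exit status.
 */
int main(void)
{
    static const char file_path[] = "pcap/auth12.pcap";
    char path_buf[PCAP_PATH_SIZE];
    char *pcap_file_path = NULL;
    int get_packet_from_file = 1;

    printf("\nwireless frame parse module start!\n");

    if (get_packet_from_file == 1) {
        /* snprintf always terminates the string and reports truncation */
        int n = snprintf(path_buf, sizeof path_buf, "%s", file_path);

        if (n < 0 || (size_t)n >= sizeof path_buf) {
            fprintf(stderr, "pcap path does not fit in %d bytes\n", PCAP_PATH_SIZE);
            return EXIT_FAILURE;
        }
        pcap_file_path = path_buf;
    }

    memset(&frame_captured, 0, sizeof frame_captured);
    return wireless_frame_parse(pcap_file_path) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}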